Zero-day exploits continued to be used in targeted attacks because they are effective, given that software vendors have yet to create patches for them. Throughout our on-going investigation and monitoring of a targeted attack campaign, Operation Pawn Storm, we found suspicious URLs that hosted a newly discovered zero-day exploit in Java. This is the first time in nearly two years that a new Java zero-day vulnerability was reported.
Note that this zero-day exploit is NOT part of the recent slew of vulnerabilities related to the Hacking Team leak. The group behind Operation Pawn Storm is using the Java zero-day exploit as part of their campaign.
Pawn Storm Update: Trend Micro Discovers New Java Zero-Day Exploit
A Java 0-day, now that's scary. Now even the most up to date version of Java (Java 8 Update 45) cannot be considered secure at all.